Sign in with
Sign up | Sign in
Your question

MBR virus

Last response: in Windows XP
Share
Anonymous
July 17, 2005 4:03:01 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi there:
My other computer seems to have a MBR virus. I have searched the MS KB for
help in getting rid of it, but all it says is what NOT to use to get rid of
it ( XP resource kit, chapter 27, MBR viruses).
Any help in how to get rid of it?
Thanks
John

More about : mbr virus

July 17, 2005 4:49:55 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

JohnnyJomp wrote:

> Hi there:
> My other computer seems to have a MBR virus. I have searched the MS KB
> for help in getting rid of it, but all it says is what NOT to use to
> get rid of it ( XP resource kit, chapter 27, MBR viruses).
> Any help in how to get rid of it?
> Thanks
> John

How do you know you have an MBR virus? What are the symptoms and the
exact text of any error messages you are getting?

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
Anonymous
July 17, 2005 5:07:01 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi Malke.
I reformatted the HD, installed XP Home, attached to the internet, and IE
opened automatically everytime I booted up, going to a non-MS site.
I reformatted, reinstalled another few times, and still have issues like a
dos-like window opending up automatically, warning-like notices telling me to
go to non-MS sites to download security software, etc.
My antivirus software detects a virus that it can not rename, delete or
disinfects, even after reformatting again, etc.
John

"Malke" wrote:

> JohnnyJomp wrote:
>
> > Hi there:
> > My other computer seems to have a MBR virus. I have searched the MS KB
> > for help in getting rid of it, but all it says is what NOT to use to
> > get rid of it ( XP resource kit, chapter 27, MBR viruses).
> > Any help in how to get rid of it?
> > Thanks
> > John
>
> How do you know you have an MBR virus? What are the symptoms and the
> exact text of any error messages you are getting?
>
> Malke
> --
> MS-MVP Windows User/Shell
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic"
>
Related resources
July 17, 2005 6:00:49 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

JohnnyJomp wrote:

> Hi Malke.
> I reformatted the HD, installed XP Home, attached to the internet, and
> IE opened automatically everytime I booted up, going to a non-MS site.
> I reformatted, reinstalled another few times, and still have issues
> like a dos-like window opending up automatically, warning-like notices
> telling me to go to non-MS sites to download security software, etc.
> My antivirus software detects a virus that it can not rename, delete
> or disinfects, even after reformatting again, etc.
> John
>

OK, when you say "reformatted", you mean you actually booted with the XP
cd, deleted the partition, created a new partition, and then
clean-installed XP? Did you connect to the internet before putting a
firewall and antivirus in place?

What is the name of the virus that your antivirus detects? What av
program are you using - name, version, and if your definitions are
current.

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
Anonymous
July 17, 2005 6:15:16 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Please consult the experts in the virus removal newsgroup:
news://msnews.microsoft.com/microsoft.public.security.virus

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=i...

Antivirus software: Frequently asked questions
http://www.microsoft.com/athome/security/protect/antivi...

3 Simple Steps to Help Ensure the Protection of Your PC
http://www.microsoft.com/athom­e/security/protect/default.msp­x

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/window...

-------------------------------------------------------------------------------------------

"JohnnyJomp" wrote:

| Hi there:
| My other computer seems to have a MBR virus. I have searched the MS KB for
| help in getting rid of it, but all it says is what NOT to use to get rid of
| it ( XP resource kit, chapter 27, MBR viruses).
| Any help in how to get rid of it?
| Thanks
| John
Anonymous
July 17, 2005 7:14:24 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"JohnnyJomp" <JohnnyJomp@discussions.microsoft.com> wrote in message
news:9E13E4E5-9EA8-4A08-9984-4178E27BC240@microsoft.com...
> Hi Malke.
> I reformatted the HD, installed XP Home, attached to the internet, and IE
> opened automatically everytime I booted up, going to a non-MS site.
> I reformatted, reinstalled another few times, and still have issues like a
> dos-like window opending up automatically, warning-like notices telling me
> to
> go to non-MS sites to download security software, etc.
> My antivirus software detects a virus that it can not rename, delete or
> disinfects, even after reformatting again, etc.
> John
>

Does your version of XP has SP2. If not do not connect to the Internet until
you have SP2 or a firewall installed. You will be infected in minutes,
possibly seconds. It sounds like you don't have SP2 as the warning messages
you describe are probably sent through the Windows Messenger service. Note:
this is different from the Windows Messenger program and not related. SP2
turne off this service by default.

Download SP2 from here:

http://www.microsoft.com/downloads/details.aspx?FamilyI...

Burn it to CD. Reinstall Windows again making sure you are not connected to
the Internet. If you are using broadband disconnect the ethernet cable or
USB cable. Make sure you delete, then recreate the partition you want to
install Windows on. Once Windows is installed immediately install SP2 or a
firewall. Once SP2 or a firewall is installed you can finish installing
drivers, connect to the Internet, install Windows updates, etc.

Kerry



> "Malke" wrote:
>
>> JohnnyJomp wrote:
>>
>> > Hi there:
>> > My other computer seems to have a MBR virus. I have searched the MS KB
>> > for help in getting rid of it, but all it says is what NOT to use to
>> > get rid of it ( XP resource kit, chapter 27, MBR viruses).
>> > Any help in how to get rid of it?
>> > Thanks
>> > John
>>
>> How do you know you have an MBR virus? What are the symptoms and the
>> exact text of any error messages you are getting?
>>
>> Malke
>> --
>> MS-MVP Windows User/Shell
>> Elephant Boy Computers
>> www.elephantboycomputers.com
>> "Don't Panic"
>>
Anonymous
July 18, 2005 1:51:58 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "JohnnyJomp" <JohnnyJomp@discussions.microsoft.com>

| Hi Malke.
| I reformatted the HD, installed XP Home, attached to the internet, and IE
| opened automatically everytime I booted up, going to a non-MS site.
| I reformatted, reinstalled another few times, and still have issues like a
| dos-like window opending up automatically, warning-like notices telling me to
| go to non-MS sites to download security software, etc.
| My antivirus software detects a virus that it can not rename, delete or
| disinfects, even after reformatting again, etc.
| John

Your symptoms are not that of a Boot Sector Infector.

You did state "My antivirus software detects a virus..." but you did not tell us the AV
application nor provide us with the fully qualified path and name of the infected file or
the name of the virus that file is infected with. It is more than difficult to provide help
with so little information.

Just to be sure, you can use the IVINIT utility at Invircible which handles boot sector
infectors.
http://www.invircible.com/iv_tools.php#Ivinit

You can also use the Multy vendor AV scanner utility for other types of viruses.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove
viruses and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
through your FireWall to allow them to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
July 22, 2005 3:41:02 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi all...
I gave up on fixing the problem. I installed a new hard drive, reformatted
it, did a clean install, and all is well.
When I have a moment (now I have a problem with my own computer!), I will
certainly try all the suggestions here.
Thanks again; you guys rock!
John

"David H. Lipman" wrote:

> From: "JohnnyJomp" <JohnnyJomp@discussions.microsoft.com>
>
> | Hi Malke.
> | I reformatted the HD, installed XP Home, attached to the internet, and IE
> | opened automatically everytime I booted up, going to a non-MS site.
> | I reformatted, reinstalled another few times, and still have issues like a
> | dos-like window opending up automatically, warning-like notices telling me to
> | go to non-MS sites to download security software, etc.
> | My antivirus software detects a virus that it can not rename, delete or
> | disinfects, even after reformatting again, etc.
> | John
>
> Your symptoms are not that of a Boot Sector Infector.
>
> You did state "My antivirus software detects a virus..." but you did not tell us the AV
> application nor provide us with the fully qualified path and name of the infected file or
> the name of the virus that file is infected with. It is more than difficult to provide help
> with so little information.
>
> Just to be sure, you can use the IVINIT utility at Invircible which handles boot sector
> infectors.
> http://www.invircible.com/iv_tools.php#Ivinit
>
> You can also use the Multy vendor AV scanner utility for other types of viruses.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
> http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
> (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
> simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
> remove
> viruses and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode. This
> way all the components can be downloaded from each AV vendor’s web site.
> The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
> through your FireWall to allow them to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
!